Goodnight Byte: HackThisSite Walkthrough, Part 3 - Legal Hacker Training
The mission greets us with:
"This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot."
If we look at the source and scroll to the form action, we can see this:
Alternatively, we can hit File > Save Page As and save the page to our desktop. This lets us modify the HTML directly and change the email. However, for the saved HTML document to work, we need to point it at the full URL of HackThisSite. The page is no longer on their host, so the shortened relative path will not resolve and we need the full file path instead. In the form action (posted above), we need to edit the full file paths into lines 1 and 3. Don't forget to change the email to yours in line 2.
<form action="http://hackthissite.org/missions/basic/4/level4.php" method="post">
<form action="http://hackthissite.org/missions/basic/4/index.php" method="post">
When that's all set up, open the page in your browser and click the password button. Problem solved!
A small PHP script that hid the email and sent the password would be far more secure, because the recipient address would be handled on the server side, where the user can neither see nor change it.
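The difference between the two designs, as an added example (not HackThisSite's code or this post's): the weak handler mails the secret to whatever address the form supplies, while the hardened one only uses an address stored on the server. The field name "to", the address, the secret and both handler names are assumptions.

```php
<?php
// Added example, not HackThisSite's code. The field name "to", the address,
// the secret and both handler names are assumptions for illustration.
const REMINDER_RECIPIENT = 'sam@example.invalid'; // stays on the server
const SECRET = 'constructed-placeholder';

// Pattern the mission demonstrates: recipient read from a hidden form field,
// so whoever submits the form decides where the secret goes.
function handle_reminder_weak(array $post, callable $send): bool
{
    return $send($post['to'] ?? '', SECRET);
}

// Hardened: the request can only trigger the reminder. A client-supplied
// "to" is never used, and a mismatch is logged as a tampering signal.
function handle_reminder_hardened(string $method, array $post, callable $send): bool
{
    if ($method !== 'POST') {
        return false;
    }
    if (isset($post['to']) && $post['to'] !== REMINDER_RECIPIENT) {
        // Log the event, not the submitted value, to keep the log clean.
        error_log('reminder: ignored client-supplied recipient');
    }
    return $send(REMINDER_RECIPIENT, SECRET);
}

// Stand-in for mail() so the example runs offline and shows the recipient.
$send = function (string $to, string $body): bool {
    echo "would mail secret to: $to\n";
    return true;
};

// Constructed request: a saved copy of the page with the hidden field edited.
$tampered = ['to' => 'someone-else@example.invalid'];
handle_reminder_weak($tampered, $send);
handle_reminder_hardened('POST', $tampered, $send);
```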
Check back Monday for details on our next session. So please, join IRC and come learn!